Splunk Lantern

Investigating and remediating alerts from web applications


In your organization, you have integrated Splunk ITSI with Splunk On-Call and configured an action rule within an ITSI NEAP to send actionable ITSI episodes to Splunk On-Call, enabling fast, efficient incident resolution with reduced downtime. Now, you need to ensure each incident gets routed to the right person or team, along with the context they need to quickly start investigating and remediating the issue.

This article is part of the Splunk Use Case Explorer for Observability, which is designed to help you identify and implement prescriptive use cases that drive incremental business value. It explains the solution using a fictitious example company, called CSCorp, that hosts a cloud native application called Online Boutique. In the AIOps lifecycle described in the Use Case Explorer, this article is part of Incident Investigation and Remediation.


You can use Splunk ITSI to send critical observability notifications to Splunk On-Call to quickly get those actionable ITSI episodes to the right teams, with the right context, so they can immediately acknowledge, triage and remediate the issue. The workflow explained in the following video helps you:

  • Understand incident management options 
  • Speed investigations using annotations to get to root cause
  • Collaborate when problems occur

Next steps

Still having trouble? Splunk has many resources available to help get you back on track.